commit 0039bcf0c4f10b92917c26df70c7847f1ab0b51e
author Christopher Wiley <wiley@google.com> Fri Feb 05 10:29:50 2016 -0800
committer Christopher Wiley <wiley@google.com> Fri Feb 12 14:44:56 2016 -0800
tree 97096bcb209b096b798c662e724709ca71ea6ba1
parent e27e223dedcc8f7970d550cebd4a7dda3599ef03

brillo: Rely on static SELinux policy for camera

In Brillo, there are no applications, and SELinux policy can be
configured statically (at build time).  In this model, we control
access to the camera binder, and thus to the camera stack.

Bug: 26936651
Test: Brillo test camera client can connect to camera

Change-Id: I5207c2f78e4f36778b90aac29bf4317b62cbd3dd

services/camera/libcameraservice/CameraService.cpp

diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 3deb396..5c490b2 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -864,17 +864,6 @@
 
     int callingPid = getCallingPid();
 
-    if (clientUid == USE_CALLING_UID) {
-        clientUid = getCallingUid();
-    } else {
-        // We only trust our own process to forward client UIDs
-        if (callingPid != getpid()) {
-            ALOGE("CameraService::connect X (PID %d) rejected (don't trust clientUid %d)",
-                    callingPid, clientUid);
-            return PERMISSION_DENIED;
-        }
-    }
-
     if (!mModule) {
         ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
                 callingPid);
@@ -887,6 +876,31 @@
         return -ENODEV;
     }
 
+#if !defined(__BRILLO__)
+    status_t allowed = validateClientPermissionsLocked(cameraId, clientUid);
+    if (allowed != OK) {
+        return allowed;
+    }
+#endif  // defined(__BRILLO__)
+
+    return checkIfDeviceIsUsable(cameraId);
+}
+
+status_t CameraService::validateClientPermissionsLocked(const String8& cameraId, int& clientUid)
+        const {
+    int callingPid = getCallingPid();
+
+    if (clientUid == USE_CALLING_UID) {
+        clientUid = getCallingUid();
+    } else {
+        // We only trust our own process to forward client UIDs
+        if (callingPid != getpid()) {
+            ALOGE("CameraService::connect X (PID %d) rejected (don't trust clientUid %d)",
+                    callingPid, clientUid);
+            return PERMISSION_DENIED;
+        }
+    }
+
     // Check device policy for this camera
     char value[PROPERTY_VALUE_MAX];
     char key[PROPERTY_KEY_MAX];
@@ -909,7 +923,7 @@
         return PERMISSION_DENIED;
     }
 
-    return checkIfDeviceIsUsable(cameraId);
+    return OK;
 }
 
 status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const {

services/camera/libcameraservice/CameraService.h

diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h
index 4b0eeb7..13f6f82 100644
--- a/services/camera/libcameraservice/CameraService.h
+++ b/services/camera/libcameraservice/CameraService.h
@@ -482,6 +482,7 @@
 
     // Check if we can connect, before we acquire the service lock.
     status_t validateConnectLocked(const String8& cameraId, /*inout*/int& clientUid) const;
+    status_t validateClientPermissionsLocked(const String8& cameraId, /*inout*/int& clientUid) const;
 
     // Handle active client evictions, and update service state.
     // Only call with with mServiceLock held.